Lucene search
K

6987 matches found

ATTACKERKB
ATTACKERKB
added 2014/02/06 5:44 a.m.6 views

CVE-2014-1487

The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages...

7.5CVSS7.4AI score0.02335EPSS
Exploits1References35
Prion
Prion
added 2014/02/06 5:44 a.m.29 views

Design/Logic Flaw

Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint...

5CVSS6.6AI score0.02467EPSS
Exploits0References19Affected Software8
Prion
Prion
added 2014/02/06 5:44 a.m.22 views

Authentication flaw

The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages...

5CVSS6.8AI score0.02335EPSS
Exploits1References33Affected Software18
Cvelist
Cvelist
added 2014/02/06 2:0 a.m.28 views

CVE-2014-1483

Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint...

9.2AI score0.02467EPSS
Exploits0References19
Cvelist
Cvelist
added 2014/02/06 2:0 a.m.24 views

CVE-2014-1487

The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages...

8.6AI score0.02335EPSS
Exploits1References33
CVE
CVE
added 2014/02/06 2:0 a.m.128 views

CVE-2014-1483

Technical details for CVE-2014-1483 are not publicly provided in the connected documents; sources reference the CVE but do not disclose affected products, versions, root cause, impact, or fixes. Monitor for updates.

5CVSS9AI score0.02467EPSS
Exploits0References19Affected Software1
CVE
CVE
added 2014/02/06 2:0 a.m.138 views

CVE-2014-1487

CVE-2014-1487 affects Mozilla Firefox (Web workers) and related Mozilla suite components. The issue allows remote attackers to bypass Same Origin Policy and obtain sensitive authentication data via error-message handling in Web workers, affecting Firefox versions before 27.0 (and ESR 24.x before ...

7.5CVSS8.3AI score0.02335EPSS
Exploits1References33Affected Software3
OSV
OSV
added 2014/02/05 7:55 p.m.11 views

CVE-2011-3377

The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy SOP and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a...

9.6AI score
Exploits0References9
Prion
Prion
added 2014/02/05 7:55 p.m.19 views

Design/Logic Flaw

The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy SOP and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a...

4.3CVSS7.6AI score0.02217EPSS
Exploits0References8Affected Software3
Cvelist
Cvelist
added 2014/02/05 7:0 p.m.26 views

CVE-2011-3377

The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy SOP and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a...

6.9AI score0.02217EPSS
Exploits0References8
CVE
CVE
added 2014/02/05 7:0 p.m.136 views

CVE-2011-3377

CVE-2011-3377 affects the IcedTea-Web web browser plugin. The vulnerability is a Same Origin Policy bypass in applets whose origin shares the same second-level domain as the target but uses a different sub-domain. Affected are IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4. This bypass can...

4.3CVSS7AI score0.02217EPSS
Exploits0References8Affected Software1
Debian CVE
Debian CVE
added 2014/02/05 7:0 p.m.25 views

CVE-2011-3377

The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy SOP and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a...

4.3CVSS7AI score0.02217EPSS
Exploits0
Cent OS
Cent OS
added 2014/02/05 9:18 a.m.73 views

thunderbird security update

CentOS Errata and Security Advisory CESA-2014:0133 An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring...

10CVSS7AI score0.07072EPSS
Exploits7References7
Tenable Nessus
Tenable Nessus
added 2014/02/05 12:0 a.m.35 views

RHEL 5 / 6 : firefox (RHSA-2014:0132)

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings...

10CVSS7.9AI score0.07072EPSS
Exploits7References14
UbuntuCve
UbuntuCve
added 2014/02/05 12:0 a.m.24 views

CVE-2014-1483

Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint...

5CVSS6.8AI score0.02467EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2014/02/04 8:16 p.m.4 views

Mozilla: Cross-origin information leak through web workers (MFSA 2014-09)

The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages...

7.5CVSS7AI score0.02335EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2014/02/04 8:16 p.m.37 views

Critical: Red Hat Security Advisory: firefox security update

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings...

10CVSS7.1AI score0.07072EPSS
Exploits7References8
RedHat Linux
RedHat Linux
added 2014/02/04 7:56 p.m.38 views

Important: Red Hat Security Advisory: thunderbird security update

An updated thunderbird package that fixes several security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

10CVSS7AI score0.07072EPSS
Exploits7References9
RedHat Linux
RedHat Linux
added 2014/02/04 7:56 p.m.4 views

Mozilla: Cross-origin information leak through web workers (MFSA 2014-09)

The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages...

7.5CVSS7AI score0.02335EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2014/02/04 12:0 a.m.30 views

CVE-2014-1487

The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages...

7.5CVSS6.9AI score0.02335EPSS
Exploits1References5
Rows per page
Query Builder